Favorite your Message Center and Roadmap items. Access them anytime via your Profile. Export and share with your team or your LLM.

Microsoft Edge for Business: Cross-tenant support using Intune Mobile Application Management (MAM)

Message ID
MC1255405
View in Message Center
Service
Microsoft 365 suite
Category
Plan for Change
Tags
Major Change New featureAdmin impact
Rollout
February 2026March 2026April 2026
Roadmap ID
557187
View in M365 Roadmap
Platform
Web

Summary

Microsoft Edge for Business will support cross-tenant Intune Mobile Application Management (MAM) policies, enabling data protection on devices managed by different tenants. This opt-in feature, rolling out from February to April 2026, secures corporate data without extra enrollment or disrupting user experience.

Details

[Introduction]

Microsoft Edge for Business now supports cross-tenant Intune Mobile Application Management (MAM) policies. This update allows organizations to apply Intune App Protection Policies to Edge work profiles even when the device is managed by another tenant. This capability helps protect corporate data in cross-tenant scenarios such as contractors, partners, or mergers, without requiring additional device enrollment or disrupting the end-user experience.

This message is associated with Microsoft 365 Roadmap ID 557187.

[When this will happen:]

  • Public Preview (Worldwide): We will begin rolling out mid-February 2026 and expect to complete by early April 2026.
  • General Availability (Worldwide): We will begin rolling out early April 2026 and expect to complete by mid-April 2026.

[How this affects your organization:]

Who is affected:

  • Organizations using Microsoft Edge for Business
  • Admins configuring Intune App Protection Policies 
  • Users accessing corporate data on devices managed by another tenant

What will happen:

  • This feature is off by default and opt-in only
  • Intune MAM policies are enforced within the Edge work profile
  • When enabled, protected downloads are redirected to OneDrive for Business instead of local storage, and leak controls for screenshots and DevTools activate when data protection settings are applied.
  • This approach secures cross-tenant scenarios like contractors or mergers without requiring additional apps or disrupting the user experience.
  • No impact to personal browsing or unmanaged profiles

[What you can do to prepare:]

No action is required before rollout.

  • Review existing Intune App Protection Policies
  • Determine whether to enable cross-tenant MAM for Edge
  • Notify security and helpdesk teams as appropriate
  • Update internal documentation if needed

Learn more: Cross-tenant support using Intune MAM | Microsoft Learn

[Compliance considerations:]

Compliance area impacted Explanation
Customer data storage When protected downloads are enabled by the admin, downloads are redirected to OneDrive for Business instead of local storage, changing where corporate data is stored.
Processing and access of existing customer data Corporate data accessed through Edge work profiles is processed under Intune App Protection Policies even when the device is managed by another tenant.
Tenant-to-tenant interaction This change enables cross-tenant enforcement of Intune MAM policies, allowing one tenant to govern data protection on devices managed by another tenant.
Data Loss Prevention (Purview) Intune MAM leak controls such as clipboard restrictions, screenshot protection, and DevTools blocking are enforced within the Edge work profile.
Admin controls The capability is opt-in and controlled through Intune App Protection Policies, allowing admins to decide whether and how cross-tenant MAM enforcement applies.

Change History

Show
Published: March 18, 2026
Last Updated: March 18, 2026
No change history available

Never Miss a Microsoft 365 Update

Join thousands of IT professionals who rely on DeltaPulse for real-time Microsoft 365 change intelligence, automated notifications, and community insights.

Explore Dashboard Sign Up Free